Cybersecurity Monthly Newsletter February 2024

In this issue:

• Your Email Address: The Key to Your Digital Life

• Cybersecurity Shorts

• Software Updates

Welcome to your February Savvy Cybersecurity newsletter. Read on to learn more about:

• AI robocalls impersonating President Biden
• How AI and social media could impact upcoming elections
• And more

Your Email Address: The Key to Your Digital Life

For many of us, our primary email address, whether personal or business, unlocks the rest of our digital life. Once a hacker breaks into your email address, they can easily access any linked accounts by completing a reset password.

A break-in of your primary email address exposes various aspects of your life. For one, your private life is unmasked: your correspondence, names, addresses, phone numbers, appointments, messages, passwords, photos, and more are in the hands of a hacker.

Social media activity is at risk—your Facebook, Instagram, and LinkedIn accounts can all be accessed via your email.

Your medical history also becomes public. Many insurance companies send notifications via email about new claims and payments. Clicking on a link in an email from your health insurance provider can give a hacker enough information to commit medical identity theft—a rising threat.

And we’re not done yet. A hacked email account can also uncover sensitive business information such as internal documents, salary records, competitive intelligence, and client notes. Any work you’ve done with a non-profit or in your community can be found as well.

Most dangerous: If your online bank, brokerage, or other financial accounts are linked to your personal email address, hackers now have a path to your money. Once they control your email account, they can hijack your bank account by performing a password reset and then start transferring money.

As you can see, your email account is a digital version of you. Unauthorized access gives the thief enough information to impersonate you and commit frauds that affect all areas of your life.

Keeping hackers away from your money

In order to protect your most sensitive financial accounts, you need to reduce your digital footprint by creating a secret email address. This email will only be used for your financial accounts—credit cards, brokerage banks—reducing the chance that it will get swept up in the next data breach.

Using a secret email address for your financial accounts is a key recommendation we make in Hack- Proof Your Life Now! The New Cybersecurity Rules: Protect your email, computers, and bank accounts from hacks, malware, and identity theft.

When you create your secret email address, you do not want it to include any revealing information such as your first name, last name, initials, or birth date in your username.

You also want to choose the strongest security features to protect this account. Many email providers have begun phasing out password recovery questions because the answers can often be found by searching on the Internet. If you can, choose a recovery phone number for password reset. With this option, a code will be sent to your mobile phone and you will need to provide that code in order to complete the password reset.

Be sure to keep this secret email separate from your primary email address. Doing so will help you maintain secrecy and reduce the chances that a hacker can gain access to your finances.

Cybersecurity shorts

Biden AI robocalls traced to Texas-based telecom. Robocalls that feature the AI-generated voice of President Biden to New Hampshire voted ahead of their state primary elections last month allegedly originated from a Texas-based telecommunications firm called Life Corporation. Additionally, the New Hampshire Attorney General announced that they had identified one individual as the person who was behind the scam that urged Democratic voters to stay away from the polls on election day. You can read more about the state’s statement here.

Pentagon investigates ransomware group for theft of sensitive files. The ransomware group known as ALPHV or BlackCat announced that they had stolen and threatened to leak 300 gigabytes of data from Technica, an IT services company that describes itself as working with the federal government and “their mission to support, to defend, and protect America’s citizens.” Now, the DOD office responsible for background investigations is working with law enforcement to examine these claims the Pentagon recently told the news. You can read more about this investigation here.

Iranian officials sanctioned over Pennsylvania water facility hack. Earlier this month, the Treasury Department announced sanctions against half a dozen of Iranian government officials for their role in targeting a Pennsylvania water utility in November 2023. Thankfully, the incident didn’t cause any impact to the safety of the facility or drinking water in the area. Nonetheless, the Department said, “unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences.” Additionally, working behind a flimsy persona – the “Cyber Av3ngers” – the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) targeted programmable controllers that were manufactured by Unitronics, an Israeli company.

State Department to not issue visas to individuals linked to spyware abuse. On a case-by-case basis, the State Department has decided to deny visas for individuals who are seeking to travel to the US and who have been implicated in the misuse of commercial spyware. This move is the latest of the Biden administration that seeks to curtail the proliferation of commercial spyware. Currently, it is unclear what impact this ban will have on the further proliferation of commercial spyware. But, on a call with reporters, a senior administration official said that the policy will be applied based on information available to the US government when an individual applies for a visa. You can read more here.

Meta’s Oversight Board slams company policies. Meta’s quasi-independent Oversight Board sharply rebuked the company for only applying its rules for manipulated media to AI-generated material with the argument that the policy is, “incoherent” and poses a great risk ahead of the string of elections around the world this year. Additionally, the board urged the platform to cast a wider net ahead of historic global elections this year that many experts warn could be influenced by manipulated media of any kind. 

Software updates

Adobe: Over 30 security flaws were closed in Adobe’s update this month affecting Acrobat, Reader, and other programs. Currently, none of the 30 vulnerabilities are being exploited but you should still update as soon as possible. You can learn more about the update here.

Microsoft: Microsoft released updates for over 70 security issues this month. Two of these flaws are currently being exploited in the wild—affecting Microsoft Exchange Server and Windows SmartScreen. Your devices should prompt you to update automatically but you can learn more about the updates here.

SERVICES WE OFFER RELATED TO THIS TOPIC

The information contained in this post is for general use and educational purposes only.  However, we do offer specific services to our clients to help them implement the strategies mentioned above.  For specific information and to determine if these services may be a good fit for you, please select any of the services listed below.